These are undeniably boom times for the hospitality industry, with the post-COVID rebound showing no signs of slowing: according to one estimate, reservation rates are trending 11% ahead of those seen in 2022. But it is not quite time to celebrate yet. Yes, increased business is a very good thing. But the fact remains that a single cyberattack can undo all that progress in the blink of an eye, and then some—and as we've seen this year, the hospitality industry is uniquely vulnerable to this threat.
Put simply, the hospitality industry has suffered a disastrous recent run of breach events. First, in early September, it emerged that MGM Resorts International had been attacked. This incident prevented many customers from using their key cards, hobbled internal communication systems, and led to the loss of some customers' personal information (thankfully, no credit card information appears to have been stolen). Second, this is not just a localized event within the U.S., but is growing into a larger global challenge: cybercriminals attacked Indian hotel Taj, compromising 1.5 million customers' information, and in Singapore, the iconic Marina Bay Sands hotel suffered a breach affecting over half a million customers.
Spectacular as these breaches were—the MGM attack alone cost the company around $100 million—they were far from aberrations. Dismayingly, attacks like these have become par for the course in the hospitality industry, with one report finding that 31% of hospitality organizations have reported a data breach in their history.
It is a given that the costs of a cyberattack—reputational and financial—make improving cybersecurity systems a first-order priority for hospitality organizations. But what if I told you that one of the best ways to fend off the bad guys, and keep customer data safe, is to enlist hackers of your own?
Why the hospitality industry is uniquely vulnerable
Before explaining why ethical hackers are such a valuable solution for hospitality organizations today, it is worth first explaining why vigilant cybersecurity practices are so important for hospitality organizations in the first place.
No question, an attack is bad for any kind of business. But think of it this way: when a social media site is attacked, the social media site's support staff doesn't have to deal with the social media site's users in the flesh. A disruption at a hotel or a resort is a different story. For the duration of your customer's trip, your organization serves as their de facto home. If they suddenly can't access the Internet—or, even worse, their own rooms—they are going to be vocally unhappy. Even if every other aspect of their trip has been flawless, an interruption like that can tank their overall impression of their stay—and lead to the kinds of negative online reviews and word-of-mouth that is especially harmful for hospitality businesses, particularly smaller ones.
Unfortunately, other key features of the hospitality industry almost guarantee the likelihood of breaches. These can include rapid staff turnover (and subsequent inexperience) and the ubiquity of point-of-sale systems. And while efforts to improve the customer experience through the retention and analysis of data are indispensable, and can yield spectacular results, the fact remains that this data will always make hospitality organizations a special target.
How hackers can help
So, how can hackers help? A recent report from HackerOne—a platform that connects hackers with businesses—provides some interesting insight into this question.
Part of the problem is that companies are cutting security budgets at the precise time that security is most needed. According to the report, one-third of companies made security budget cuts last year, and at least a quarter made or plan to make security budget cuts this year. There are various reasons for this—the ongoing IT skills gap, for instance, which has only grown in 2023—but the overall effect is clear: IT teams—facing one of the most threatening moments in cybersecurity history—are woefully understaffed.
Hackers can help fill the gaps and better position businesses to resist cyberattacks by identifying vulnerabilities before bad actors can exploit them. There is a reason that 70% of survey respondents said that hacker efforts helped them to avoid a significant security incident: only hackers possess the skill sets required to beat attackers at their own game and keep hospitality organizations safe.
And it's important to note that hackers accomplish this service for less—sometimes significantly less—than what a hotel or resort might pay for an extra full-time staffer or a costly third-party partnership. Per the report, the average cost of identifying a bug across industries is between one and four thousand dollars—pocket change next to the cost of an actual breach, which, as we’ve seen with MGM, can quickly spiral into nine digits.
Of course, the role of hackers grows only more urgent with the rise of generative AI tools, which some are already warning could lead to significantly more sophisticated cyberattacks against hospitality companies. Unsurprisingly, the majority of respondents (55%) said that GenAI will become a major target for them in the coming years, while for 14%, it is already a significant tool.
If recent history is any indication, the dire conditions that have made hackers so necessary aren't going away any time soon—quite the opposite, in fact. As the hospitality industry enjoys its much-deserved rebound, it is necessary—however unpleasant it might be—to keep the worst-case scenario in mind and to act accordingly. In a threat environment like the one the hospitality industry is facing today, only hackers can make the necessary difference.
